[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 25.321911] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.505507] random: sshd: uninitialized urandom read (32 bytes read) [ 29.977054] random: sshd: uninitialized urandom read (32 bytes read) [ 30.612328] random: sshd: uninitialized urandom read (32 bytes read) [ 30.840092] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts. [ 36.508574] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 36.630255] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 36.656507] ================================================================== [ 36.666519] BUG: KASAN: use-after-free in __schedule+0xfc3/0x1ed0 [ 36.672748] Read of size 8 at addr ffff8801c42e8058 by task syz-executor175/5337 [ 36.680268] [ 36.681900] CPU: 0 PID: 5337 Comm: syz-executor175 Not tainted 4.19.0-rc2+ #227 [ 36.689345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.698693] Call Trace: [ 36.701285] dump_stack+0x1c4/0x2b4 [ 36.704913] ? dump_stack_print_info.cold.2+0x52/0x52 [ 36.710107] ? printk+0xa7/0xcf [ 36.713388] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 36.718148] print_address_description.cold.8+0x9/0x1ff [ 36.723512] kasan_report.cold.9+0x242/0x309 [ 36.727922] ? __schedule+0xfc3/0x1ed0 [ 36.731813] __asan_report_load8_noabort+0x14/0x20 [ 36.736743] __schedule+0xfc3/0x1ed0 [ 36.740495] ? __sched_text_start+0x8/0x8 [ 36.744646] ? __lock_is_held+0xb5/0x140 [ 36.748703] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.753805] ? find_held_lock+0x36/0x1c0 [ 36.757874] ? __call_srcu+0x7f9/0x1070 [ 36.761847] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.766948] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 36.772051] ? lockdep_hardirqs_on+0x421/0x5c0 [ 36.776641] ? preempt_schedule+0x4d/0x60 [ 36.780793] preempt_schedule_common+0x1f/0xd0 [ 36.785376] preempt_schedule+0x4d/0x60 [ 36.789351] ___preempt_schedule+0x16/0x18 [ 36.793589] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 36.798520] __call_srcu+0x7f9/0x1070 [ 36.802325] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 36.807430] ? srcu_offline_cpu+0x120/0x120 [ 36.811754] ? debug_object_free+0x690/0x690 [ 36.816165] ? mark_held_locks+0x130/0x130 [ 36.820403] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 36.824988] ? lock_release+0x970/0x970 [ 36.828963] ? arch_local_save_flags+0x40/0x40 [ 36.833548] ? depot_save_stack+0x292/0x470 [ 36.837881] ? __lockdep_init_map+0x105/0x590 [ 36.842383] ? __init_waitqueue_head+0x9e/0x150 [ 36.847054] ? init_wait_entry+0x1c0/0x1c0 [ 36.851322] __synchronize_srcu+0x17b/0x230 [ 36.855648] ? call_srcu+0x10/0x10 [ 36.859191] ? rcu_unexpedite_gp+0x20/0x20 [ 36.863433] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.868970] ? check_preemption_disabled+0x48/0x200 [ 36.873992] synchronize_srcu+0x356/0x5ab [ 36.878143] ? lock_downgrade+0x900/0x900 [ 36.882292] ? synchronize_srcu_expedited+0x20/0x20 [ 36.887312] ? kasan_check_read+0x11/0x20 [ 36.891464] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 36.896055] ? kasan_check_write+0x14/0x20 [ 36.900297] ? do_raw_spin_lock+0xc1/0x200 [ 36.904538] kvm_page_track_unregister_notifier+0x17d/0x250 [ 36.910251] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 36.915705] ? kvfree+0x61/0x70 [ 36.918987] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.924008] kvm_mmu_uninit_vm+0x1c/0x20 [ 36.928072] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 36.932499] ? kvm_arch_sync_events+0x30/0x30 [ 36.936998] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.942538] ? mmu_notifier_unregister+0x474/0x600 [ 36.947465] ? kfree+0x107/0x230 [ 36.950839] ? __mmu_notifier_register+0x30/0x30 [ 36.955599] ? __free_pages+0x10a/0x190 [ 36.959573] ? free_unref_page+0x960/0x960 [ 36.963818] kvm_put_kvm+0x6c8/0xff0 [ 36.967542] ? kvm_write_guest_cached+0x40/0x40 [ 36.972214] ? kvm_irqfd_release+0xd1/0x120 [ 36.976538] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.981030] ? _raw_spin_unlock_irq+0x27/0x80 [ 36.985536] ? kasan_check_write+0x14/0x20 [ 36.989769] ? do_raw_spin_lock+0xc1/0x200 [ 36.994010] ? kvm_irqfd_release+0xdd/0x120 [ 36.998331] ? kvm_irqfd_release+0xdd/0x120 [ 37.002658] ? kvm_put_kvm+0xff0/0xff0 [ 37.006544] kvm_vm_release+0x42/0x50 [ 37.010344] __fput+0x385/0xa30 [ 37.013626] ? get_max_files+0x20/0x20 [ 37.017513] ? trace_hardirqs_on+0xbd/0x310 [ 37.021840] ? ___might_sleep+0x1ed/0x300 [ 37.025990] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.031552] ? arch_local_save_flags+0x40/0x40 [ 37.036147] ? kasan_check_write+0x14/0x20 [ 37.040402] ? do_raw_spin_lock+0xc1/0x200 [ 37.044633] ____fput+0x15/0x20 [ 37.047915] task_work_run+0x1e8/0x2a0 [ 37.051800] ? task_work_cancel+0x240/0x240 [ 37.056136] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.061671] ? switch_task_namespaces+0x9d/0xd0 [ 37.066341] do_exit+0x1ad7/0x2610 [ 37.069882] ? mm_update_next_owner+0x990/0x990 [ 37.074552] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 37.078787] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.083804] ? kfree+0x1fa/0x230 [ 37.087172] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 37.091420] ? kvm_vcpu_block+0x1030/0x1030 [ 37.095746] ? is_bpf_text_address+0xd3/0x170 [ 37.100239] ? kernel_text_address+0x79/0xf0 [ 37.104644] ? __kernel_text_address+0xd/0x40 [ 37.109142] ? unwind_get_return_address+0x61/0xa0 [ 37.114074] ? __save_stack_trace+0x8d/0xf0 [ 37.118407] ? save_stack+0xa9/0xd0 [ 37.122032] ? save_stack+0x43/0xd0 [ 37.125656] ? __kasan_slab_free+0x102/0x150 [ 37.130056] ? kasan_slab_free+0xe/0x10 [ 37.134030] ? putname+0xf2/0x130 [ 37.137737] ? __x64_sys_openat+0x9d/0x100 [ 37.141998] ? do_syscall_64+0x1b9/0x820 [ 37.146063] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.151780] ? trace_hardirqs_off+0xb8/0x310 [ 37.156189] ? kasan_check_read+0x11/0x20 [ 37.160335] ? do_raw_spin_unlock+0xa7/0x2f0 [ 37.164758] ? trace_hardirqs_on+0x310/0x310 [ 37.169167] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 37.174179] ? __fget_light+0x2e9/0x430 [ 37.178149] ? fget_raw+0x20/0x20 [ 37.181612] ? check_preemption_disabled+0x48/0x200 [ 37.186635] ? kvm_vcpu_block+0x1030/0x1030 [ 37.190955] ? do_vfs_ioctl+0x201/0x1720 [ 37.195029] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 37.200310] ? ioctl_preallocate+0x300/0x300 [ 37.204717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.210256] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.215797] ? sockfd_lookup_light+0xc5/0x160 [ 37.220296] ? __sys_setsockopt+0x254/0x3c0 [ 37.224615] ? putname+0xf7/0x130 [ 37.228078] do_group_exit+0x177/0x440 [ 37.231978] ? trace_hardirqs_on+0xbd/0x310 [ 37.236300] ? __ia32_sys_exit+0x50/0x50 [ 37.240373] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.245827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.251372] __x64_sys_exit_group+0x3e/0x50 [ 37.255699] do_syscall_64+0x1b9/0x820 [ 37.259600] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.264965] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.269899] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.274745] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.279762] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.284782] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.289801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.294651] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.299838] RIP: 0033:0x43ef48 [ 37.303033] Code: Bad RIP value. [ 37.306395] RSP: 002b:00007ffdef9e01c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.314111] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef48 [ 37.321384] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.328651] RBP: 00000000004be808 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.335915] R10: 00000000200007c0 R11: 0000000000000246 R12: 0000000000000001 [ 37.343184] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.350456] [ 37.352077] Allocated by task 5337: [ 37.355725] save_stack+0x43/0xd0 [ 37.359179] kasan_kmalloc+0xc7/0xe0 [ 37.362892] kasan_slab_alloc+0x12/0x20 [ 37.366866] kmem_cache_alloc+0x12e/0x730 [ 37.371020] vmx_create_vcpu+0xcf/0x25e0 [ 37.375093] kvm_arch_vcpu_create+0xe5/0x220 [ 37.379506] kvm_vm_ioctl+0x470/0x1d40 [ 37.383397] do_vfs_ioctl+0x1de/0x1720 [ 37.387282] ksys_ioctl+0xa9/0xd0 [ 37.390737] __x64_sys_ioctl+0x73/0xb0 [ 37.394628] do_syscall_64+0x1b9/0x820 [ 37.398514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.403693] [ 37.405316] Freed by task 5337: [ 37.408595] save_stack+0x43/0xd0 [ 37.412045] __kasan_slab_free+0x102/0x150 [ 37.416277] kasan_slab_free+0xe/0x10 [ 37.420075] kmem_cache_free+0x83/0x290 [ 37.424057] vmx_free_vcpu+0x26b/0x300 [ 37.427955] kvm_arch_destroy_vm+0x365/0x7c0 [ 37.432372] kvm_put_kvm+0x6c8/0xff0 [ 37.436098] kvm_vm_release+0x42/0x50 [ 37.439896] __fput+0x385/0xa30 [ 37.443171] ____fput+0x15/0x20 [ 37.446453] task_work_run+0x1e8/0x2a0 [ 37.450338] do_exit+0x1ad7/0x2610 [ 37.453884] do_group_exit+0x177/0x440 [ 37.457771] __x64_sys_exit_group+0x3e/0x50 [ 37.462103] do_syscall_64+0x1b9/0x820 [ 37.465995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.471170] [ 37.472797] The buggy address belongs to the object at ffff8801c42e8040 [ 37.472797] which belongs to the cache kvm_vcpu of size 23872 [ 37.485375] The buggy address is located 24 bytes inside of [ 37.485375] 23872-byte region [ffff8801c42e8040, ffff8801c42edd80) [ 37.497329] The buggy address belongs to the page: [ 37.502262] page:ffffea000710ba00 count:1 mapcount:0 mapping:ffff8801d5a4ea80 index:0x0 compound_mapcount: 0 [ 37.512233] flags: 0x2fffc0000008100(slab|head) [ 37.516903] raw: 02fffc0000008100 ffff8801d73d0048 ffff8801d73d0048 ffff8801d5a4ea80 [ 37.524786] raw: 0000000000000000 ffff8801c42e8040 0000000100000001 0000000000000000 [ 37.532659] page dumped because: kasan: bad access detected [ 37.538356] [ 37.539983] Memory state around the buggy address: [ 37.544908] ffff8801c42e7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.552266] ffff8801c42e7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 37.559623] >ffff8801c42e8000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.566972] ^ [ 37.573198] ffff8801c42e8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.580556] ffff8801c42e8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.587910] ================================================================== [ 37.595266] Kernel panic - not syncing: panic_on_warn set ... [ 37.595266] [ 37.602653] CPU: 0 PID: 5337 Comm: syz-executor175 Tainted: G B 4.19.0-rc2+ #227 [ 37.611481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.620845] Call Trace: [ 37.623440] dump_stack+0x1c4/0x2b4 [ 37.627095] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.632294] ? lock_downgrade+0x900/0x900 [ 37.636447] panic+0x238/0x4e7 [ 37.639639] ? add_taint.cold.5+0x16/0x16 [ 37.643794] ? print_shadow_for_address+0xb6/0x116 [ 37.648723] ? trace_hardirqs_off+0xaf/0x310 [ 37.653140] kasan_end_report+0x47/0x4f [ 37.657123] kasan_report.cold.9+0x76/0x309 [ 37.661451] ? __schedule+0xfc3/0x1ed0 [ 37.665345] __asan_report_load8_noabort+0x14/0x20 [ 37.670283] __schedule+0xfc3/0x1ed0 [ 37.674001] ? __sched_text_start+0x8/0x8 [ 37.678151] ? __lock_is_held+0xb5/0x140 [ 37.682210] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.687317] ? find_held_lock+0x36/0x1c0 [ 37.691389] ? __call_srcu+0x7f9/0x1070 [ 37.695370] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.700475] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 37.705576] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.710158] ? preempt_schedule+0x4d/0x60 [ 37.714312] preempt_schedule_common+0x1f/0xd0 [ 37.718903] preempt_schedule+0x4d/0x60 [ 37.722882] ___preempt_schedule+0x16/0x18 [ 37.727124] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 37.732059] __call_srcu+0x7f9/0x1070 [ 37.735864] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 37.741009] ? srcu_offline_cpu+0x120/0x120 [ 37.745330] ? debug_object_free+0x690/0x690 [ 37.749745] ? mark_held_locks+0x130/0x130 [ 37.753980] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 37.758564] ? lock_release+0x970/0x970 [ 37.762537] ? arch_local_save_flags+0x40/0x40 [ 37.767120] ? depot_save_stack+0x292/0x470 [ 37.771451] ? __lockdep_init_map+0x105/0x590 [ 37.775950] ? __init_waitqueue_head+0x9e/0x150 [ 37.780621] ? init_wait_entry+0x1c0/0x1c0 [ 37.784863] __synchronize_srcu+0x17b/0x230 [ 37.789186] ? call_srcu+0x10/0x10 [ 37.792728] ? rcu_unexpedite_gp+0x20/0x20 [ 37.796971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.802509] ? check_preemption_disabled+0x48/0x200 [ 37.807529] synchronize_srcu+0x356/0x5ab [ 37.811681] ? lock_downgrade+0x900/0x900 [ 37.815827] ? synchronize_srcu_expedited+0x20/0x20 [ 37.820850] ? kasan_check_read+0x11/0x20 [ 37.825002] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.829588] ? kasan_check_write+0x14/0x20 [ 37.833827] ? do_raw_spin_lock+0xc1/0x200 [ 37.838070] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.843791] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.849243] ? kvfree+0x61/0x70 [ 37.852523] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.857545] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.861604] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.866014] ? kvm_arch_sync_events+0x30/0x30 [ 37.870511] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.876051] ? mmu_notifier_unregister+0x474/0x600 [ 37.880989] ? kfree+0x107/0x230 [ 37.884354] ? __mmu_notifier_register+0x30/0x30 [ 37.889124] ? __free_pages+0x10a/0x190 [ 37.893109] ? free_unref_page+0x960/0x960 [ 37.897368] kvm_put_kvm+0x6c8/0xff0 [ 37.901098] ? kvm_write_guest_cached+0x40/0x40 [ 37.905771] ? kvm_irqfd_release+0xd1/0x120 [ 37.910100] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.914595] ? _raw_spin_unlock_irq+0x27/0x80 [ 37.919107] ? kasan_check_write+0x14/0x20 [ 37.923342] ? do_raw_spin_lock+0xc1/0x200 [ 37.927580] ? kvm_irqfd_release+0xdd/0x120 [ 37.931901] ? kvm_irqfd_release+0xdd/0x120 [ 37.936222] ? kvm_put_kvm+0xff0/0xff0 [ 37.940120] kvm_vm_release+0x42/0x50 [ 37.943921] __fput+0x385/0xa30 [ 37.947204] ? get_max_files+0x20/0x20 [ 37.951099] ? trace_hardirqs_on+0xbd/0x310 [ 37.955424] ? ___might_sleep+0x1ed/0x300 [ 37.959570] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 37.965024] ? arch_local_save_flags+0x40/0x40 [ 37.969608] ? kasan_check_write+0x14/0x20 [ 37.973843] ? do_raw_spin_lock+0xc1/0x200 [ 37.978080] ____fput+0x15/0x20 [ 37.981390] task_work_run+0x1e8/0x2a0 [ 37.985284] ? task_work_cancel+0x240/0x240 [ 37.989606] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.995146] ? switch_task_namespaces+0x9d/0xd0 [ 37.999821] do_exit+0x1ad7/0x2610 [ 38.003372] ? mm_update_next_owner+0x990/0x990 [ 38.008047] ? kvm_vcpu_ioctl+0x29c/0x1150 [ 38.012281] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.017297] ? kfree+0x1fa/0x230 [ 38.020670] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 38.024909] ? kvm_vcpu_block+0x1030/0x1030 [ 38.029233] ? is_bpf_text_address+0xd3/0x170 [ 38.033729] ? kernel_text_address+0x79/0xf0 [ 38.038139] ? __kernel_text_address+0xd/0x40 [ 38.042635] ? unwind_get_return_address+0x61/0xa0 [ 38.047568] ? __save_stack_trace+0x8d/0xf0 [ 38.051895] ? save_stack+0xa9/0xd0 [ 38.056004] ? save_stack+0x43/0xd0 [ 38.059628] ? __kasan_slab_free+0x102/0x150 [ 38.064163] ? kasan_slab_free+0xe/0x10 [ 38.068142] ? putname+0xf2/0x130 [ 38.071602] ? __x64_sys_openat+0x9d/0x100 [ 38.075837] ? do_syscall_64+0x1b9/0x820 [ 38.079900] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.085275] ? trace_hardirqs_off+0xb8/0x310 [ 38.089683] ? kasan_check_read+0x11/0x20 [ 38.093833] ? do_raw_spin_unlock+0xa7/0x2f0 [ 38.098245] ? trace_hardirqs_on+0x310/0x310 [ 38.102662] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 38.107680] ? __fget_light+0x2e9/0x430 [ 38.111656] ? fget_raw+0x20/0x20 [ 38.115116] ? check_preemption_disabled+0x48/0x200 [ 38.120137] ? kvm_vcpu_block+0x1030/0x1030 [ 38.124459] ? do_vfs_ioctl+0x201/0x1720 [ 38.128526] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 38.133807] ? ioctl_preallocate+0x300/0x300 [ 38.138217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.143760] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.149306] ? sockfd_lookup_light+0xc5/0x160 [ 38.153923] ? __sys_setsockopt+0x254/0x3c0 [ 38.158260] ? putname+0xf7/0x130 [ 38.161743] do_group_exit+0x177/0x440 [ 38.165629] ? trace_hardirqs_on+0xbd/0x310 [ 38.169951] ? __ia32_sys_exit+0x50/0x50 [ 38.174014] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 38.179467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.185009] __x64_sys_exit_group+0x3e/0x50 [ 38.189336] do_syscall_64+0x1b9/0x820 [ 38.193226] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.198590] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.203519] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.208366] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.213382] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.218403] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.223424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.228272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.233456] RIP: 0033:0x43ef48 [ 38.236652] Code: Bad RIP value. [ 38.240014] RSP: 002b:00007ffdef9e01c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.247720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef48 [ 38.254987] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.262258] RBP: 00000000004be808 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.269528] R10: 00000000200007c0 R11: 0000000000000246 R12: 0000000000000001 [ 38.276794] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.284069] [ 38.284076] ====================================================== [ 38.284082] WARNING: possible circular locking dependency detected [ 38.284096] 4.19.0-rc2+ #227 Not tainted [ 38.284102] ------------------------------------------------------ [ 38.284108] syz-executor175/5337 is trying to acquire lock: [ 38.284111] 0000000082a278c9 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 38.284128] [ 38.284132] but task is already holding lock: [ 38.284136] 00000000fd617ff3 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 38.284152] [ 38.284157] which lock already depends on the new lock. [ 38.284159] [ 38.284162] [ 38.284168] the existing dependency chain (in reverse order) is: [ 38.284171] [ 38.284173] -> #3 (report_lock){....}: [ 38.284190] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.284194] kasan_report+0x8b/0x110 [ 38.284199] __asan_report_load8_noabort+0x14/0x20 [ 38.284203] __schedule+0xfc3/0x1ed0 [ 38.284208] preempt_schedule_common+0x1f/0xd0 [ 38.284213] preempt_schedule+0x4d/0x60 [ 38.284217] ___preempt_schedule+0x16/0x18 [ 38.284222] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.284227] __call_srcu+0x7f9/0x1070 [ 38.284231] __synchronize_srcu+0x17b/0x230 [ 38.284236] synchronize_srcu+0x356/0x5ab [ 38.284241] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.284246] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.284251] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.284255] kvm_put_kvm+0x6c8/0xff0 [ 38.284259] kvm_vm_release+0x42/0x50 [ 38.284263] __fput+0x385/0xa30 [ 38.284267] ____fput+0x15/0x20 [ 38.284272] task_work_run+0x1e8/0x2a0 [ 38.284276] do_exit+0x1ad7/0x2610 [ 38.284280] do_group_exit+0x177/0x440 [ 38.284285] __x64_sys_exit_group+0x3e/0x50 [ 38.284289] do_syscall_64+0x1b9/0x820 [ 38.284295] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.284297] [ 38.284300] -> #2 (&rq->lock){-.-.}: [ 38.284316] _raw_spin_lock+0x2d/0x40 [ 38.284320] task_fork_fair+0xb0/0x6d0 [ 38.284324] sched_fork+0x443/0xba0 [ 38.284329] copy_process+0x2586/0x8780 [ 38.284333] _do_fork+0x1cb/0x11d0 [ 38.284337] kernel_thread+0x34/0x40 [ 38.284341] rest_init+0x22/0xe5 [ 38.284345] start_kernel+0x8f4/0x92f [ 38.284350] x86_64_start_reservations+0x29/0x2b [ 38.284355] x86_64_start_kernel+0x76/0x79 [ 38.284360] secondary_startup_64+0xa4/0xb0 [ 38.284362] [ 38.284365] -> #1 (&p->pi_lock){-.-.}: [ 38.284381] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.284386] try_to_wake_up+0xd2/0x12f0 [ 38.284390] wake_up_process+0x10/0x20 [ 38.284394] __up.isra.1+0x1c0/0x2a0 [ 38.284398] up+0x13c/0x1c0 [ 38.284402] __up_console_sem+0xbe/0x1b0 [ 38.284406] console_unlock+0x524/0x11a0 [ 38.284412] vprintk_emit+0x33d/0x930 [ 38.284416] vprintk_default+0x28/0x30 [ 38.284420] vprintk_func+0x7e/0x181 [ 38.284424] printk+0xa7/0xcf [ 38.284428] load_umh+0x51/0xbd [ 38.284433] do_one_initcall+0x145/0x957 [ 38.284438] kernel_init_freeable+0x4bb/0x5ae [ 38.284442] kernel_init+0x11/0x1b2 [ 38.284446] ret_from_fork+0x3a/0x50 [ 38.284449] [ 38.284451] -> #0 ((console_sem).lock){-...}: [ 38.284467] lock_acquire+0x1ed/0x520 [ 38.284472] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.284476] down_trylock+0x13/0x70 [ 38.284482] __down_trylock_console_sem+0xae/0x200 [ 38.284486] console_trylock+0x15/0xa0 [ 38.284490] vprintk_emit+0x322/0x930 [ 38.284495] vprintk_default+0x28/0x30 [ 38.284499] vprintk_func+0x7e/0x181 [ 38.284503] printk+0xa7/0xcf [ 38.284507] kasan_report+0x9b/0x110 [ 38.284513] __asan_report_load8_noabort+0x14/0x20 [ 38.284517] __schedule+0xfc3/0x1ed0 [ 38.284522] preempt_schedule_common+0x1f/0xd0 [ 38.284526] preempt_schedule+0x4d/0x60 [ 38.284531] ___preempt_schedule+0x16/0x18 [ 38.284536] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.284540] __call_srcu+0x7f9/0x1070 [ 38.284545] __synchronize_srcu+0x17b/0x230 [ 38.284549] synchronize_srcu+0x356/0x5ab [ 38.284555] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.284559] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.284564] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.284568] kvm_put_kvm+0x6c8/0xff0 [ 38.284573] kvm_vm_release+0x42/0x50 [ 38.284576] __fput+0x385/0xa30 [ 38.284580] ____fput+0x15/0x20 [ 38.284585] task_work_run+0x1e8/0x2a0 [ 38.284589] do_exit+0x1ad7/0x2610 [ 38.284593] do_group_exit+0x177/0x440 [ 38.284598] __x64_sys_exit_group+0x3e/0x50 [ 38.284602] do_syscall_64+0x1b9/0x820 [ 38.284607] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.284610] [ 38.284615] other info that might help us debug this: [ 38.284617] [ 38.284621] Chain exists of: [ 38.284623] (console_sem).lock --> &rq->lock --> report_lock [ 38.284643] [ 38.284648] Possible unsafe locking scenario: [ 38.284651] [ 38.284655] CPU0 CPU1 [ 38.284660] ---- ---- [ 38.284663] lock(report_lock); [ 38.284673] lock(&rq->lock); [ 38.284683] lock(report_lock); [ 38.284692] lock((console_sem).lock); [ 38.284701] [ 38.284705] *** DEADLOCK *** [ 38.284707] [ 38.284712] 2 locks held by syz-executor175/5337: [ 38.284715] #0: 00000000ed5f6d2a (&rq->lock){-.-.}, at: __schedule+0x236/0x1ed0 [ 38.284733] #1: 00000000fd617ff3 (report_lock){....}, at: kasan_report+0x8b/0x110 [ 38.284752] [ 38.284756] stack backtrace: [ 38.284762] CPU: 0 PID: 5337 Comm: syz-executor175 Not tainted 4.19.0-rc2+ #227 [ 38.284770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.284774] Call Trace: [ 38.284778] dump_stack+0x1c4/0x2b4 [ 38.284783] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.284787] ? vprintk_func+0x85/0x181 [ 38.284793] print_circular_bug.isra.33.cold.54+0x1bd/0x27d [ 38.284797] ? save_trace+0xe0/0x290 [ 38.284802] __lock_acquire+0x33e4/0x4ec0 [ 38.284806] ? mark_held_locks+0x130/0x130 [ 38.284811] ? mark_held_locks+0x130/0x130 [ 38.284815] ? rcu_bh_qs+0xc0/0xc0 [ 38.284819] ? unwind_dump+0x190/0x190 [ 38.284824] ? is_bpf_text_address+0xd3/0x170 [ 38.284829] ? kernel_text_address+0x79/0xf0 [ 38.284833] ? __kernel_text_address+0xd/0x40 [ 38.284838] ? __save_stack_trace+0x8d/0xf0 [ 38.284843] ? add_lock_to_list.isra.26+0x1ec/0x4b0 [ 38.284847] ? save_trace+0x290/0x290 [ 38.284852] ? save_stack_trace+0x1a/0x20 [ 38.284856] ? save_trace+0xe0/0x290 [ 38.284860] ? kasan_check_read+0x11/0x20 [ 38.284865] ? graph_lock+0x170/0x170 [ 38.284870] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.284874] lock_acquire+0x1ed/0x520 [ 38.284878] ? down_trylock+0x13/0x70 [ 38.284883] ? find_held_lock+0x36/0x1c0 [ 38.284887] ? lock_release+0x970/0x970 [ 38.284892] ? trace_hardirqs_off+0xb8/0x310 [ 38.284896] ? vprintk_emit+0x1d3/0x930 [ 38.284901] ? trace_hardirqs_on+0x310/0x310 [ 38.284911] ? trace_hardirqs_off+0xb8/0x310 [ 38.284915] ? log_store+0x344/0x4c0 [ 38.284920] ? vprintk_emit+0x322/0x930 [ 38.284924] _raw_spin_lock_irqsave+0x99/0xd0 [ 38.284929] ? down_trylock+0x13/0x70 [ 38.284933] down_trylock+0x13/0x70 [ 38.284938] __down_trylock_console_sem+0xae/0x200 [ 38.284942] console_trylock+0x15/0xa0 [ 38.284946] vprintk_emit+0x322/0x930 [ 38.284951] ? wake_up_klogd+0x180/0x180 [ 38.284956] ? run_rebalance_domains+0x500/0x500 [ 38.284960] ? wake_up_worker+0x117/0x190 [ 38.284965] ? find_held_lock+0x36/0x1c0 [ 38.284969] ? __queue_work+0x6be/0x1440 [ 38.284974] ? lock_acquire+0x1ed/0x520 [ 38.284978] vprintk_default+0x28/0x30 [ 38.284982] vprintk_func+0x7e/0x181 [ 38.284986] printk+0xa7/0xcf [ 38.284991] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.284996] ? kasan_check_write+0x14/0x20 [ 38.285000] ? do_raw_spin_lock+0xc1/0x200 [ 38.285005] ? do_raw_spin_lock+0xc1/0x200 [ 38.285009] kasan_report+0x9b/0x110 [ 38.285013] ? __schedule+0xfc3/0x1ed0 [ 38.285018] __asan_report_load8_noabort+0x14/0x20 [ 38.285022] __schedule+0xfc3/0x1ed0 [ 38.285027] ? __sched_text_start+0x8/0x8 [ 38.285031] ? __lock_is_held+0xb5/0x140 [ 38.285036] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.285041] ? find_held_lock+0x36/0x1c0 [ 38.285045] ? __call_srcu+0x7f9/0x1070 [ 38.285050] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.285056] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 38.285060] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.285065] ? preempt_schedule+0x4d/0x60 [ 38.285070] preempt_schedule_common+0x1f/0xd0 [ 38.285074] preempt_schedule+0x4d/0x60 [ 38.285078] ___preempt_schedule+0x16/0x18 [ 38.285091] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 38.285095] __call_srcu+0x7f9/0x1070 [ 38.285100] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 38.285105] ? srcu_offline_cpu+0x120/0x120 [ 38.285110] ? debug_object_free+0x690/0x690 [ 38.285114] ? mark_held_locks+0x130/0x130 [ 38.285119] ? kvm_arch_destroy_vm+0x414/0x7c0 [ 38.285123] ? lock_release+0x970/0x970 [ 38.285128] ? arch_local_save_flags+0x40/0x40 [ 38.285133] ? depot_save_stack+0x292/0x470 [ 38.285141] ? __lockdep_init_map+0x105/0x590 [ 38.285146] ? __init_waitqueue_head+0x9e/0x150 [ 38.285151] ? init_wait_entry+0x1c0/0x1c0 [ 38.285155] __synchronize_srcu+0x17b/0x230 [ 38.285159] ? call_srcu+0x10/0x10 [ 38.285164] ? rcu_unexpedite_gp+0x20/0x20 [ 38.285169] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.285175] ? check_preemption_disabled+0x48/0x200 [ 38.285179] synchronize_srcu+0x356/0x5ab [ 38.285184] ? lock_downgrade+0x900/0x900 [ 38.285189] ? synchronize_srcu_expedited+0x20/0x20 [ 38.285193] ? kasan_check_read+0x11/0x20 [ 38.285198] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.285203] ? kasan_check_write+0x14/0x20 [ 38.285207] ? do_raw_spin_lock+0xc1/0x200 [ 38.285213] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.285218] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.285222] ? kvfree+0x61/0x70 [ 38.285227] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.285231] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.285236] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.285241] ? kvm_arch_sync_events+0x30/0x30 [ 38.285246] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.285251] ? mmu_notifier_unregister+0x474/0x600 [ 38.285255] ? kfree+0x107/0x230 [ 38.285260] ? __mmu_notifier_register+0x30/0x30 [ 38.285264] ? __free_pages+0x10a/0x190 [ 38.285269] ? free_unref_page+0x960/0x960 [ 38.285273] kvm_put_kvm+0x6c8/0xff0 [ 38.285278] ? kvm_write_guest_cached+0x40/0x40 [ 38.285283] ? kvm_irqfd_release+0xd1/0x120 [ 38.285287] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.285292] ? _raw_spin_unlock_irq+0x27/0x80 [ 38.285296] ? kasan_check_write+0x14/0x20 [ 38.285301] ? do_raw_spin_lock+0xc1/0x200 [ 38.285305] ? kvm_irqfd_release+0x [ 38.285313] Lost 77 message(s)! [ 39.419289] Shutting down cpus with NMI [ 40.477251] Dumping ftrace buffer: [ 40.480782] (ftrace buffer empty) [ 40.485043] Kernel Offset: disabled [ 40.488666] Rebooting in 86400 seconds..